Network World this week published a brutal takedown of the network access control industry, called “NAC: What went wrong?” Consultant Joel Snyder wrote the article after spending four months lab testing the leading 12 NAC products. His conclusion? Five years of hype, new products, vendor launches, vendor collapses and standardization battles have produced a lot of smoke and not much else. The market is scattered, he says. All 12 top vendors are moving in 12 different directions.
Snyder writes that Cisco Systems in particular is guilty of going off the rails with NAC. Basically, Cisco’s acquisition-happy ways have led to yet another case of too many cooks in the kitchen. Its acquisition of Perfigo, a vendor of a wireless access gateway product, evolved into the overlay product Cisco NAC Appliance. Meanwhile, Cisco’s routing and switching business unit has built its own NAC product, Cisco Secure Access Control Server. If even Cisco can’t decide how to tackle the NAC market, how is an enterprise to figure out which direction to go?
Regardless of the failures of the NAC industry to truly catch fire, I continue to be amazed by the industry’s ability to continue supporting so many different vendors. Sure there are plenty of network infrastructure and network security vendors that can dabble in NAC as a side business. But there are still plenty of independent start-ups out there, too. They’re still trucking along, with few taking the next big leap to an IPO or a buyout. Occasionally you’ll see one go under, like ConSentry Networks, but the others insist they’re doing just fine.
Trusted Computing Group (TCG), the not-for-profit independent standards body that promotes vendor-neutral NAC standards, has issued a response to Network World’s takedown with an email entitled “What’s Right with NAC?”
TCG cites a projection from Gartner that NAC will become a mature market within two to five years (Gartner issued its first NAC Magic Quadrant last summer). TCG goes on to say: “Well, we agree with both Mr. Snyder at Network World and with [Gartner]. Certainly the path to NAC products has been neither short nor particularly easy, but today there are a lot of good products to choose from and people ARE using NAC successfully.”
Juniper Networks today unveiled its “3-2-1” architectural vision, under an umbrella of technologies it has dubbed the New Network. It’s a recipe for collapsing the data center network from three layers (access, aggregation and core) down to one. Step one, Juniper says, is collapsing down to just two tiers (access and core).
Juniper argues that most data center networks today devote too many ports in the network to connecting switches to switches. Instead, ports should mostly be connecting servers to servers in order to chop latency and reduce the number of network devices needed in a data center.
How does Juniper propose to solve this problem? Well, first Juniper wants enterprises to try flattening their networks to two tiers by ditching the aggregation layer in data centers. Enterprises today spend $1 billion out of $4.8 billion in annual data center switching dollars on aggregation switches, said Mike Banic, Juniper’s vice president of enterprise marketing, citing IDC research. That’s a lot of extra switches with a lot of extra man-hours spent managing them. Juniper argues that enterprises could do better by eliminating the aggregation layer, allowing access layer switches to do all the switching between servers. Those access layer switches would only need to use their uplink ports for communications with the data center core and ultimately the campus LAN and WAN.
Juniper claims its Virtual Chassis technology is the key to this elimination of the aggregation layer. The Virtual Chassis technology is a software feature that allows multiple Juniper switches to act as — and be managed as — one single switch. Juniper has had the feature on the market for a while now in its 1 Gigabit Ethernet EX4200 switches. By pooling multiple EX4200s into a virtual chassis, enterprises are able to eliminate aggregation switches and connect servers more directly together rather than sending packets up and down a three-tiered network.
Today Juniper extended this collapsed data center vision with several new products that should make this approach accessible to enterprises that want to upgrade from Gigabit servers to 10 Gigabit servers.
- The EX4500 switch is a 48-port 10 Gigabit Ethernet, Layer 3 switch that will support converged enhanced Ethernet, data center bridging and Virtual Chassis technology. This switch will be available this month, but the converged fabric and Virtual Chassis features will be available in subsequent quarters.
- An EX8200 40XS, a 40-port 10 Gigabit Ethernet line card that will allow the EX8216 half-rack core chassis to scale up to 640 10 Gigabit ports. Juniper will also add its virtual chassis technology to the EX8200 switch series in 2011.
- Several new applications built on Junos Space, the open development platform Juniper introduced last year to allow specialized applications to be built right into the network hardware that runs the Junos operating system. These applications include Juniper Ethernet Design, an app that allows network managers to automate configuration and management of hundreds of switches.
Juniper promises that down the road it will introduce additional products and technologies to further collapse data center network architecture from two layers down to one. This is the heart of what is promised in its still-sketchy Project Stratus roadmap. There are still very few details about how exactly this single-tiered data center architecture will look. But Dhritiman Dasgupta, Juniper’s senior product marketing manager, offered a decent preview while speaking on an Interop panel about the future of the data center network last month. He said:
“The best network is the network that connects ports inside a switch,” he said. “It’s completely flat. Any port can talk to any other port. The ports share a consistent state. You can add line cards and it just scales seamlessly. If I could extend that to my data center network, that would be the best network to solve the challenges that virtualization brings.”
“Project Stratus gives you a network that is built like the inside of a switch. It extends that out to the entire data center network,” Dasgupta continued. “You can have hundreds of thousands of ports with tens of thousands of virtual machines at the end of each of these ports, all working together in harmony in one flat Layer 2 network. You process the packet once, and you have all the information you need to take it from point A to point B.”
Carl Eschenbach, VMware’s EVP of field operations, told IDG News Service that the media is making too much of the company’s strategic alliance with EMC and Cisco Systems. VMware, he says, is an independent infrastructure software vendor that plays nicely with Dell, HP, IBM et al. “We treat everyone equally,” he said.
VMware, Cisco and EMC formed the VCE (Virtual Computing Environment) coalition late last year, which introduced the Vblock Infrastructure Package, a modular data center package that’s supposed to power cloud computing. It consists of fully integrated and validated bundles of software, servers, storage and network gear. I guess Eschenbach thinks we, the media, are making too much out of the VCE coalition. But how can you avoid hyping a strategic relationship between the world’s biggest virtualization vendor, the world’s biggest storage vendor and the world’s biggest networking vendor?
And besides, VMware has more than a strategic relationship with these two companies. EMC owns 80% of VMware. In 2007, Cisco bought its own stake in the company. Yes, Cisco owns just 1.5% of VMware, but that’s probably about 100% more of an ownership stake than any VMware customer currently holds.
VMware has done a good job of staying vendor agnostic, which is important since enterprises want to be able to run a hypervisor on whatever hardware they have in their server racks. But tight relationships with partners (and part owners) will continue to be a fact of life. VMware faces some serious competition in the future from Citrix Xen and Microsoft’s Hyper-V. At Interop last month, consultant Jim Metzler, of Ashton Metzler & Associates, surveyed attendees by show of hands during a panel session on virtualized application delivery appliances. First he asked attendees whether they were currently VMware shops. Nearly all of them raised their hands. Then he asked them if they expected VMware to be the only hypervisor vendor in their data center two or three years from now. No one raised a hand.
A future is coming where VMware won’t be the de facto hypervisor in data centers. How will VMware hold onto market share when Microsoft is giving away Hyper-V? Advanced and innovative features and functionality are one answer. Another answer is continued strategic partnerships with key vendors, like EMC and Cisco.
Earlier this year, we reported that the newly released Cisco IOS 15 requires users to enter registration keys to verify software licenses for each machine. That requirement resulted in a ban on the use of Cisco IOS emulators. Needless to say, this infuriated some Cisco users, who used Cisco IOS illicitly for the very above-board need to practice on Cisco equipment in homegrown labs.
Cisco IOS 15 requires users to punch a registration key into every machine running it. In return, Cisco gets to keep an image of every machine you have. So Cisco salespeople know just when and how to hit you up for a sale. But they also have a constantly updated image of your network. Ferro raises a host of questions about the use of this information that are worth checking out.
NCCM is becoming increasingly popular. Not only have enterprises recognized that NCCM products can help automate networks and reduce network failures; they’ve also recognized them as a means toward achieving better compliance with industry and government regulations.
This morning Netcordia, a highly rated network configuration and change management (NCCM) startup with about 330 customers, was acquired by Infoblox, a leading DDI (DHCP, DNS and IPAM) vendor.
Steve Nye, Infoblox’s executive VP of product strategy, said he sees the NCCM and DDI markets coming together as enterprises gravitate toward network infrastructure management automation. He said both companies have been trying to solve the same problem: Manual changes to the network are the leading cause of network failures. “We approach this from the IP address management point of view and Netcordia approaches it from a device configuration point of view.”
As a result, there has been plenty of M&A activity and consolidation in the NCCM space recently. In addition to the Netcordia-Infoblox deal, IBM acquired NCCM vendor Intelliden a couple of months ago. And last week EMC announced a deeper integration of its NCCM technology, Ionix Network Configuration Manager (formerly known as Voyence, a company EMC acquired in 2007), with its Ionix for IT Operations Intelligence. This integration essentially enables the product to alert and accelerate troubleshooting when network configuration changes affect network availability and performance.
Cloud computing is all the rage at Interop this year. There are keynote sessions devoted to it and plenty of educational sessions. You’ve got a whole host of cloud vendors here. It seems like just about every vendor on the floor has found a way to jam the word cloud into their marketing material.
So who is adopting cloud computing? Well, if you include software-as-a-service (SaaS), which has been swept up into the cloud marketing vortex, cloud computing is taking off, I suppose. About 41% of Interop attendees are using SaaS products like Salesforce.com, according to a survey of 104 IT pros conducted at Interop by Network Instruments.
Twenty-nine percent of attendees have deployed a private cloud. I’d be interested in learning from these survey respondents what they mean by a private cloud. I talked to the CIO of a midmarket firm late last year who said he’s basically been running a private cloud out of his data center for six or seven years… long before anyone was talking about the cloud. It’s all in the eye of the beholder, I guess.
A small number (19%) of respondents said they are actually using the most-hyped of all cloud computing models, infrastructure-as-a-service (IaaS), from providers like Amazon.
So plenty of folks are using some shape or form of cloud computing. Granted, some of them might have another name for it: SaaS, ASP, hosted service provider, etc., etc.
What sort of concerns do they have about the cloud? Network Instruments asked their survey respondents about that, too.
- Twenty-two percent say they lack the tools to monitor and manage cloud activity.
- Twelve percent say they are unable to resolve delays caused by cloud providers.
- Twenty-seven percent are worried that cloud computing services will bust their Internet bandwidth budgets.
On the flipside, 33% of respondents see cloud computing as a way to lower infrastructure costs and 30% see it offering them more flexibility to deal with changing business demands.
Cisco’s Interop booth includes a presentation on Cisco Certified Refurbished Equipment. I wasn’t aware that Cisco had its own program for refurbishing and selling used gear, but apparently it’s had this program in place since 2001.
Prices for this certified used gear range from 25% (for newer products) to 65% (for older products) of list prices.
Companies like Network Hardware Resale have made hay the last couple years with the down economy. I wonder if the presence of Cisco’s rather low-profile certified used equipment program at Interop is a response to this.
Clearly Cisco wants you to buy used gear from it. At the Cisco booth, it’s showing how difficult it is to distinguish between legitimate Cisco products and counterfeit equipment. They have counterfeit silicon (collected by their “investigative team”) at the booth, showing how similar they look.
Extreme Networks and Force10 Networks are both showing off 40 Gigabit Ethernet (GbE) technology at Interop.
Force10 articulated its 40 GbE product roadmap in advance of the show, promising to have 40 GbE products from the rack to the core by the end of the year, but it doesn’t have any specific product details or release dates to offer yet.
Extreme is demonstrating actual 40 GbE products at the show. It’s showing the VM3-40G4X, a 4-port 40 GbE module (priced at $3,995 and available in the 3rd quarter). In the demo Extreme has one of the modules in a Summit X650 stackable switch, providing 40 GbE uplinks to a BlackDiamond 8900 chassis with another 40 GbE module in it. Basically, this demo is supposed to show a top-of-rack to data center core 40 GbE configuration.
Shehzad Merchant, Extreme’s senior director of strategy, said some of Extreme’s customers have been running six 1 GbE links from single servers. They want to upgrade to single 10 GbE server links, but that will require 40 Gigabit aggregation and core layers. This module promises to give them that migration path.
It’s only a matter of time before Cisco, HP and the rest bring their own 40 GbE products to market.
During his keynote presentation at Interop Las Vegas 2010, Marius Haas, GM and SVP of HP Networking (the ProCurve brand has been retired along with 3Com), boasted of HP’s $1.5 billion internal IT transformation, using nothing but HP hardware (including the newly acquired 3Com network infrastructure). HP consolidated 85 data centers down to six “next generation” data centers, decreased servers by 40%, consolidated applications from 7,000 to less than 2,000 and tripled its bandwidth.
Haas said this transformation was aimed at combating the 80:20 conundrum (the familiar notion that IT spends 80% of its time maintaining infrastructure and 20% of its time innovating). The key to fighting this, Haas said, is simplifying infrastructure by consolidating networks, storage and servers into modular packages that can be deployed within data centers. HP has the expertise to deliver it all, Haas argued, especially since HP’s acquisition of 3Com. Haas emphasized that this vision includes an open architecture, but it’s an open architecture that can be all HP.
This begs the question: Do you want to get all of your infrastructure from the same vendor? Many IT organizations are hesitant to depend on one vendor for everything. They don’t want to get locked into one technology and get held hostage by their incumbent vendors. Forget about getting servers, storage and networks from the same vendors. Some network managers like to have more than one networking vendor in their environment. They might pay a premium for high-end switches in their core, but go with a cheaper vendor at top of rack.
Cisco Systems has articulated a similar modular vision as it has expanded into servers with its Unified Computing System. Basically, you can buy a package of servers, LAN and SAN technology all from Cisco and plug it into your data center.
Obviously HP and Cisco have both decided to claim a larger individual footprint in each of their customers’ data centers. They’ve been moving in this direction for a couple of years now. The question is, will customers want to let a big vendor like Cisco or HP own so much of their infrastructure?
Network Hardware Resale, probably the biggest seller of used network equipment in the country, surveyed 1,200 North American enterprises who have bought used networking gear or “alternative maintenance services” over the past year. The company released the results this week, in advance of next week’s Interop show.
- About 80% of those companies have used network gear in their production networks.
- 61% are expanding their networks with used gear.
- 40% will increase their spending on used gear in 2010.
There’s not a big surprise here. Times are still tough and companies who have spent on used network gear in the past aren’t afraid to do it again in the future.
Network Hardware Resale also sells “alternative maintenance services,” basically a service aimed at competing with Cisco’s SMARTnet maintenance program. Consequently, this survey also focused on how enterprises support their networking gear. This is where it gets a little more interesting.
Forty percent of these surveyed companies say that they only buy Cisco SMARTnet maintenance contracts for their core network equipment. And 31% of respondents have cut or plan to cut maintenance spending on some network gear to save money. Almost 25% have replaced SMARTnet with alternative services from companies like Network Hardware Resale.